#radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/postgresql.conf
main
i'm disperate with a little thing in freeradius. everything works
fine (i use it for about 2 years) except i can't set Expiration attribute correctly
i have some users defined in raddb/users file, but must of them are in mysql DB
if i put in raddb/users file:
myuser Auth-Type = Local
>Here is a dump of my database:>[EMAIL PROTECTED]
172.16.0.10]# psql -U radius>radius=> select * from
radcheck;>id |
username | attribute
| op |
value>+---+++->
1 | 00-04-23-4d-c4-3d | User-Password | == | 123456> 2 |
00-20
>It doesn't matter whether I use the correct shared secret or
not. I guess it didn't reach the logic to check the secret yet.
yes.
Why do not you dump the mainconfig.clients to see which clients are
included?
Maybe something wrong building the mainconfig.clients list
Hi Yi,
I took a look at the man page for radtest and the syntax is:
user password radius-server nas-port-number secret
You have:
radius#./bin/radtest test test 127.0.0.1 0 testing123
According to the man page for radtest it states:
"Hostname or IP address of the radius server. Optionally, you
>on Jul 12 11:41:42 2004 : Auth: Login OK: [test/155marketer] (from client
>jim.domain.com port 368 cli 0015558623)
>
>anyone can interpret the CLI at the last few words?
PW_CALLING_STATION_ID
freeradius-1.0.0-pre3 source:
auth.c -> auth_name()
Why did not you attempt to grep the source code
I am running radtest on the local system just to test freeradius is working.
It doesn't matter whether I use the correct shared secret or not. I guess it didn't reach the logic to check the secret yet.
- YiGary McKinney <[EMAIL PROTECTED]> wrote:
Hmmm - I see you have a secret defined for t
Yi Zheng <[EMAIL PROTECTED]> wrote:
> * I am sure this clients.conf is the file radiusd read from, because
> if I rename it, the radiusd will complain about missing clients.conf
> and won't start.
That sounds reasonable.
> What could be the problem? The only thing special about this setup
> is
Shawn Simpson <[EMAIL PROTECTED]> wrote:
> This is the entry made in the log when I try to test my radius server
> using the radclient.
> Tue Jul 13 14:30:28 2004 : Error: WARNING: Malformed RADIUS packet from host
> 172.24.4.31: too short (received 8 < minimum 20)
RADIUS packets have at least
Yi,
> radius#./bin/radtest test test 127.0.0.1 0 testing123
> client 127.0.0.1 {
> secret = mytest
> shortname = test-network
> }
In radtest you are specifying "testing123" as the shared secret, but in
your clients.conf file you have d
Hmmm - I see you have a secret defined for the
client but WHERE in the radtest call are you using it???
The server can not "communicate" with the "client"
without the "client" using the proper shared secret
Check the man page on radtest for the
syntax...
gm...
- Original
I am running freeradius 1.0.0-pre3 and seeing the following error messages.
radius#./bin/radtest test test 127.0.0.1 0 testing123Sending Access-Request of id 161 to 127.0.0.1:1812 User-Name = "test" User-Password = "test" NAS-IP-Address = radius NAS-Port = 0rad_recv: A
ï
Yes - if everything is configured properly in the
radiusd.conf file then you should authenticate properly...
What does radiusd -X show??? (I had deleted the
original message - DUH!)
gm too lazy to search the archives at the
moment...
- Original Message -
From:
Chri
Hi Venom,
To answer the "question" requires a question!
If you are using the "users" file for authentication then you would add the
attributes after the line for
validating the user (taken from the users file and modified) :
#steve Auth-Type := Local, User-Password == "testing"
# Service-Type =
On Tue, Jul 13, 2004 at 04:30:19PM -0400, Alan DeKok wrote:
> "Alexander M. Pravking" <[EMAIL PROTECTED]> wrote:
> > > > Exec-Program = "/home/voip/aaa/test"
> >
> > At least you should have used "+=" instead of "=".
>
> It won't make any difference.
Indeed. Even if there were "=" and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 13 July 2004 16:35, RH List Account wrote:
> ... working off the same password file. I would like to differentiate
> services based on the realm - ie
The following should work:
DEFAULT Realm == "c.com", Auth-Type := System
I've searched through the archive and web but am having difficulty
determining what is causing this problem...
This is the entry made in the log when I try to test my radius server
using the radclient.
Tue Jul 13 14:30:28 2004 : Error: WARNING: Malformed RADIUS packet from host
172.24.4.31: too
Hi,
Why don't you tell the list what your requirements are and they might
be able to tell you if FreeRadius supports it?
GNU Radius features: http://www.gnu.org/software/radius/radius.html
FreeRadius Features: http://www.freeradius.org/features.html
Wireless Authentication is 802.1x and freeradi
HI folks,
I run a DSL service in the traditional PPPoE manner via my local telco. For
simplicity's sake, let's say anything @a.com comes to me, @b.com goes to the
competition, etc.
I have just got them to route @c.com to me as well for a different service.
I currently have ...
realm a.com {
I hope this is not a totally stupid question.
Suppose a user [EMAIL PROTECTED] wants to access the network at org-2 by
authenticating at org-1 via the proxy mechanism.
Suppose we want to use PAP-TTLS.
It would seem natural that the proxying is done on the basis of the outer
identity and the tunne
"Alexander M. Pravking" <[EMAIL PROTECTED]> wrote:
> > > Exec-Program = "/home/voip/aaa/test"
>
> At least you should have used "+=" instead of "=".
It won't make any difference.
> > What doesn't work is having two Exec-Program attributes. The server
> > supports only one.
>
> But
Hi all,
This is a rather detailed question, since it relates to the source code of freeRADIUS,
but I'm trolling to see if anyone has come across this or what a freeRADIUS expert
might suggest as a solution.
Configurable failover in working for me in the authorize section. Also, I've built an
"Matthias Wolf" <[EMAIL PROTECTED]> wrote:
> OK, I downloaded the latest Version. But during the
> make process there was an error:
> gcc rlm_dbm_parser.o -o .libs/rlm_dbm_parser
...
> ../../lib/.libs/libradius.so: undefined reference to
> `pthread_mutex_unlock'
> ../../lib/.libs/libradius.so: und
On Tue, Jul 13, 2004 at 11:07:59AM -0400, Alan DeKok wrote:
> Andrey Lakhno <[EMAIL PROTECTED]> wrote:
> > It does not work. May be I done something incorrectly ?
> >
> > acct_users:
> >
> > DEFAULT NAS-IP-Address == x.x.x.x, Acct-Status-Type == Stop
> > Exec-Program = "/home/voip/aaa/acc
Mirta Amalia <[EMAIL PROTECTED]> wrote:
> I'd like to ask, can Radius server be used on a
> different segment as the network that needs to be
> authenticated?? For example, i would like to
> authenticate the network with IPs 192.168.30.* and the
> Radius server is located on IP 192.168.31.1. Could
[EMAIL PROTECTED] wrote:
> I am having the problem of no user being able to pass the correct
> password. The below message and the thread it came from did solve the
> problem, however I was wondering if there is another way to fix this
> problem besides forcing radiusd to run as root.
Make a "s
Hello...
I'd like to ask, can Radius server be used on a
different segment as the network that needs to be
authenticated?? For example, i would like to
authenticate the network with IPs 192.168.30.* and the
Radius server is located on IP 192.168.31.1. Could
that be possible?
thanx before.. :)
-Mi
I am having the problem of no user being able to pass the correct
password. The below message and the thread it came from did solve the
problem, however I was wondering if there is another way to fix this
problem besides forcing radiusd to run as root.
Brian
From: Ivo Simicevic
Subject: Re: rlm
Milver,
I'm trying to do this automatically by using the radius, the Idea is
if user is connected with ADSL and his/her ADSL disconnects the ISDN
would connect, and the radius would change their route by injecting the
route into whichever NAS they connected to at the time, this works fine
so
Hi again
1. It doesn't seem to be casesensitive.
2. I have tried to turn on the debug option on the pgsql, and I can see that the query is accepted and the db is returning a result set (with the information requested).
I'm not sure that I understand how the Freeradius works with a db as b
"Matthias Wolf" <[EMAIL PROTECTED]> wrote:
> Escuche. I want to write the Cisco-AVPair into the radacct.MySQL.Table.
> Every time my sql-string ", '%{cisco-avpair}')" in the sql.conf, returns
> only the ip address and not the other stuff like ports and so on.
It returns the *first* Cisco-AVPair
Hi:
Currently the freeRADIUS server (including R1.0.0
pre-3) doesn't support sending server certificate
chains during the SERVER-HELLO handshake to the
EAP-TLS client/supplicant.
This patch allows freeRADIUS to have certificate chain
of depth greater than 2 in the server/aaa certificate.
This patch
Andrey Lakhno <[EMAIL PROTECTED]> wrote:
> It does not work. May be I done something incorrectly ?
>
> acct_users:
>
> DEFAULT NAS-IP-Address == x.x.x.x, Acct-Status-Type == Stop
> Exec-Program = "/home/voip/aaa/acct_call_generic",
> Fall-Through = Yes
>
> DEFAULT NAS-IP-Address
Hello,
On Tue, 13 Jul 2004, Alan DeKok wrote:
> > Is it possible to use Fall-Through in acct_users like in users file ?
>
> Try it and see.
It does not work. May be I done something incorrectly ?
acct_users:
DEFAULT NAS-IP-Address == x.x.x.x, Acct-Status-Type == Stop
Exec-Program =
Andrey Lakhno <[EMAIL PROTECTED]> wrote:
> Is it possible to use Fall-Through in acct_users like in users file ?
Try it and see.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=?iso-8859-1?q?jeff=20x?= <[EMAIL PROTECTED]> wrote:
> I'd like to use a PAM module to check several
> informations in a specified OID(object) of an LDAP
> database, and this OID would be in an attribute given
> with an ACCESS-REQUEST.
> So, is it possible?
Not really. I suggest asking on a PA
"Yyc" <[EMAIL PROTECTED]> wrote:
> So far as i know,radius protocol which described by RFC28XX is
> less powerful than radius+ protocol which was extended by some
> device producer.
RADIUS+ is also non-standard.
> The difference is that radius+ support Server
> Control and dynamic user servi
"Amit Gupta" <[EMAIL PROTECTED]> wrote:
> Thanks Everybody for your response.
>
> Can you compare GNURadius with freeradius on feature by feature for me.
No.
If you do such a comparison, please post it here, so others won't
have to re-do the work.
Alan DeKok.
-
List info/subscribe/unsub
"Amit Gupta" <[EMAIL PROTECTED]> wrote:
> May I know why FreeRADIUS is your *only* choice for wireless.
Because no other open source server supports wireless.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
Is it possible to use Fall-Through in acct_users like in users file ?
--
Andrey Lakhno,
land-ripe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The 6001 is the port number at IP Address 148.213.4.2 where radius returned
the information to the NAS...
gm..
- Original Message - From: "María Bezaida Diaz Vásquez" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 12, 2004 5:00 PM
Subject: Can someone say me what means a l
Hi,
I'm new to radius,
I've installed freeradius on my redhad-linux server in order to authenticate my
wireless clients. I've ZyXEL 650HW ADSL router which is also a wireless access point.
this device has radius server configuration. I want to authenticate my wireless
clients accross radius se
ï
Hmmm,
Looks like most everything is correct - from what
you have sent here...
A couple of things:
1. Is postgresql case sensitive ( I play with
MySQL)??? If so check the case (caps or lower case) of the record field
names to make sure the schema's match for the database and queries.
Hello,
My question can be a little simple, but, i've been
searching for it but I found nothing.
Here is my problem:
I'd like to use a PAM module to check several
informations in a specified OID(object) of an LDAP
database, and this OID would be in an attribute given
with an ACCESS-REQUEST.
So, i
Escuche. I want to write the Cisco-AVPair into the radacct.MySQL.Table.
Every time my sql-string ", '%{cisco-avpair}')" in the sql.conf, returns
only the ip address and not the other stuff like ports and so on.
Here my modified SQL-String:
accounting_update_query_alt = "INSERT into ${acct_table1
>Ok, so far everything right. But how to modifying my sql-string?
>Like that, perhaps: ... , '%{cisco-avpair}')" ...?
I can't understand what do you want to do. You needn't to modify any
sql-queries in freeradius. It returns all AV-pairs automatically.
Mikhail Stepanov.
-
List info/subscrib
Hello,
So far as i know,radius protocol which described by RFC28XX is less powerful
than radius+ protocol which was extended by some device producer.The difference is
that radius+ support Server Control and dynamic user service quality adjust.
Does freeradius support radius+? or
Hi!
As I wrote earlier in this list, I'm trying to get Freeradius to authenticate my clients based on theirs NIC's MAC.
This works great as long as I use the "users" file:
DEFAULT Calling-Station-Id == "CLIENT NIC", Auth-Type := Accept
Filter-ID="profile="">
Now I'm trying to use a Po
- Original Message -
From: "Amit Gupta" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 13, 2004 10:25 PM
Subject: I have to make choice between GNUradius and freeradius. My
requirements are generally those of ISP. Which one will you recommend to
me???
> Thanks Everybody
Thanks Everybody for your response.
Can you compare GNURadius with freeradius on feature by feature for me.
Amit Gupta
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.718 / Virus Database: 474 - Release Date: 7/9/2004
-
List
Thanks Paul.
Can you compare GNURadius wwith freeradius on feature by feature for me.
Amit Gupta
- Original Message -
From: "Paul Hampson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 13, 2004 12:37 AM
Subject: Re: I have to make choice between GNUradius and freeradius.
Amit Gupta wrote:
> Thanks Alan.
>
> May I know why FreeRADIUS is your *only* choice for wireless.
>
FreeRADIUS is free :-)
>
> Amit Gupta
> - Original Message -
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 12, 2004 7:12 AM
> Subject: FreeRADIU
Amit Gupta wrote:
> Thanks Alan.
>
> May I know why FreeRADIUS is your *only* choice for wireless.
freeradius is free :)
>
>
> Amit Gupta
> - Original Message -
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 12, 2004 7:12 AM
> Subject: FreeRADIUS
On Tue, Jul 13, 2004 at 12:44:04PM -0700, Amit Gupta wrote:
> May I know reasons for preferring freeradius. Our current system is based on
> freeradius but we are planning to reengineer this to accommodate better
> features.
I find it easy to use, good about following standards, with a wide base
o
++--+--++---+
| id | UserName | Attribute| op | Value |
++--+--++---+
| 1 | cis | cisco-avpair | += | ip:source-ip=3D |
| 2 | cis | cisco-avpair | += | ip:source-port=3D |
++---
Thanks Milver
Amit Gupta
- Original Message -
From:
Milver S. Nisay
To: [EMAIL PROTECTED]
Sent: Monday, July 12, 2004 10:16
AM
Subject: Re: I have to make choice
between GNUradius and freeradius. My requirements are generally those of ISP.
Which one will you
Thanks Alan.
May I know why FreeRADIUS is your *only* choice for wireless.
Amit Gupta
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 12, 2004 7:12 AM
Subject: FreeRADIUS versus GNU radius
> "Amit Gupta" <[EMAIL PROTECTED]> wrote:
Thanks Paul.
May I know reasons for preferring freeradius. Our current system is based on
freeradius but we are planning to reengineer this to accommodate better
features.
Amit Gupta
- Original Message -
From: "Paul Hampson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 1
OK, I downloaded the latest Version. But during the
make process there was an error:
/usr/apps/freeradius-snapshot-20040712/libtool --mode=link gcc
rlm_dbm_parser.o ../../lib/libradius.la -lcrypto -o rlm_dbm_parser
gcc rlm_dbm_parser.o -o .libs/rlm_dbm_parser ../../lib/.libs/libradius.so
-lcry
59 matches
Mail list logo